Control bodies for cfengine components
COMPONENT common
PROMISE TYPE control
| bundlesequence |
slist |
.* |
List of promise bundles to verify in order
|
| goal_categories |
slist |
(arbitrary string) |
A list of context names that represent parent categories for goals (goal patterns)
|
| goal_patterns |
slist |
(arbitrary string) |
A list of regular expressions that match promisees/topics considered to be organizational goals
|
| ignore_missing_bundles |
(menu option) |
true,
false,
yes,
no,
on,
off |
If any bundles in the bundlesequence do not exist, ignore and continue
|
| ignore_missing_inputs |
(menu option) |
true,
false,
yes,
no,
on,
off |
If any input files do not exist, ignore and continue
|
| inputs |
slist |
.* |
List of additional filenames to parse for promises
|
| version |
string |
(arbitrary string) |
Scalar version string for this configuration
|
| lastseenexpireafter |
int |
0,99999999999 |
Number of minutes after which last-seen entries are purged
|
| output_prefix |
string |
(arbitrary string) |
The string prefix for standard output
|
| domain |
string |
.* |
Specify the domain name for this host
|
| require_comments |
(menu option) |
true,
false,
yes,
no,
on,
off |
Warn about promises that do not have comment documentation
|
| host_licenses_paid |
int |
0,99999999999 |
The number of licenses that you promise to have paid for by setting this value (legally binding for commercial license)
|
| site_classes |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
A list of classes that will represent geographical
site locations for hosts. These should be defined elsewhere in the
configuration in a classes promise.
|
| syslog_host |
string |
[a-zA-Z0-9_$(){}.:-]+ |
The name or address of a host to which syslog messages should be sent directly by UDP
|
| syslog_port |
int |
0,99999999999 |
The port number of a UDP syslog service
|
| fips_mode |
(menu option) |
true,
false,
yes,
no,
on,
off |
Activate full FIPS mode restrictions
|
COMPONENT agent
PROMISE TYPE control
| abortclasses |
slist |
.* |
A list of classes which if defined lead to termination of cf-agent
|
| abortbundleclasses |
slist |
.* |
A list of classes which if defined lead to termination of current bundle
|
| addclasses |
slist |
.* |
A list of classes to be defined always in the current context
|
| agentaccess |
slist |
.* |
A list of user names allowed to execute cf-agent
|
| agentfacility |
(menu option) |
LOG_USER,
LOG_DAEMON,
LOG_LOCAL0,
LOG_LOCAL1,
LOG_LOCAL2,
LOG_LOCAL3,
LOG_LOCAL4,
LOG_LOCAL5,
LOG_LOCAL6,
LOG_LOCAL7 |
The syslog facility for cf-agent
|
| alwaysvalidate |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false flag to determine whether configurations will always be checked before executing, or only after updates
|
| auditing |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false flag to activate the cf-agent audit log
|
| binarypaddingchar |
string |
(arbitrary string) |
Character used to pad unequal replacements in binary editing
|
| bindtointerface |
string |
.* |
Use this interface for outgoing connections
|
| hashupdates |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false whether stored hashes are updated when change is detected in source
|
| childlibpath |
string |
.* |
LD_LIBRARY_PATH for child processes
|
| checksum_alert_time |
int |
0,60 |
The persistence time for the checksum_alert class
|
| defaultcopytype |
(menu option) |
mtime,
atime,
ctime,
digest,
hash,
binary |
(null)
|
| dryrun |
(menu option) |
true,
false,
yes,
no,
on,
off |
All talk and no action mode
|
| editbinaryfilesize |
int |
0,99999999999 |
Integer limit on maximum binary file size to be edited
|
| editfilesize |
int |
0,99999999999 |
Integer limit on maximum text file size to be edited
|
| environment |
slist |
[A-Za-z0-9_]+=.* |
List of environment variables to be inherited by children
|
| exclamation |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false print exclamation marks during security warnings
|
| expireafter |
int |
0,99999999999 |
Global default for time before on-going promise repairs are interrupted
|
| files_single_copy |
slist |
(arbitrary string) |
List of filenames to be watched for multiple-source conflicts
|
| files_auto_define |
slist |
(arbitrary string) |
List of filenames to define classes if copied
|
| hostnamekeys |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false label ppkeys by hostname not IP address
|
| ifelapsed |
int |
0,99999999999 |
Global default for time that must elapse before promise will be rechecked
|
| inform |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false set inform level default
|
| intermittency |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false store detailed recordings of last observed time for all client-server connections for reliability assessment (false)
|
| max_children |
int |
0,99999999999 |
Maximum number of background tasks that should be allowed concurrently
|
| maxconnections |
int |
0,99999999999 |
Maximum number of outgoing connections to cf-serverd
|
| mountfilesystems |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false mount any filesystems promised
|
| nonalphanumfiles |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false warn about filenames with no alphanumeric content
|
| repchar |
string |
. |
The character used to canonize pathnames in the file repository
|
| refresh_processes |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
Reload the process table before verifying the bundles named in this list (lazy evaluation)
|
| default_repository |
string |
"?(/.*) |
Path to the default file repository
|
| secureinput |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false check whether input files are writable by unauthorized users
|
| sensiblecount |
int |
0,99999999999 |
Minimum number of files a mounted filesystem is expected to have
|
| sensiblesize |
int |
0,99999999999 |
Minimum number of bytes a mounted filesystem is expected to have
|
| skipidentify |
(menu option) |
true,
false,
yes,
no,
on,
off |
Do not send IP/name during server connection because address resolution is broken
|
| suspiciousnames |
slist |
(arbitrary string) |
List of names to warn about if found during any file search
|
| syslog |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false switches on output to syslog at the inform level
|
| track_value |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false switches on tracking of promise valuation
|
| timezone |
slist |
(arbitrary string) |
List of allowed timezones this machine must comply with
|
| default_timeout |
int |
0,99999999999 |
Maximum time a network connection should attempt to connect
|
| verbose |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false switches on verbose standard output
|
COMPONENT server
PROMISE TYPE control
| allowallconnects |
slist |
(arbitrary string) |
List of IPs or hostnames that may have more than one connection to the server port
|
| allowconnects |
slist |
(arbitrary string) |
List of IPs or hostnames that may connect to the server port
|
| allowusers |
slist |
(arbitrary string) |
List of usernames who may execute requests from this server
|
| auditing |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false activate auditing of server connections
|
| bindtointerface |
string |
(arbitrary string) |
IP of the interface to which the server should bind on multi-homed hosts
|
| cfruncommand |
string |
"?(/.*) |
Path to the cf-agent command or cf-execd wrapper for remote execution
|
| denybadclocks |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false accept connections from hosts with clocks that are out of sync
|
| denyconnects |
slist |
(arbitrary string) |
List of IPs or hostnames that may NOT connect to the server port
|
| dynamicaddresses |
slist |
(arbitrary string) |
List of IPs or hostnames for which the IP/name binding is expected to change
|
| hostnamekeys |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false store keys using hostname lookup instead of IP addresses
|
| keycacheTTL |
int |
0,99999999999 |
Maximum number of hours to hold public keys in the cache
|
| logallconnections |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false causes the server to log all new connections to syslog
|
| logencryptedtransfers |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false log all successful transfers required to be encrypted
|
| maxconnections |
int |
0,99999999999 |
Maximum number of connections that will be accepted by cf-serverd
|
| port |
int |
1024,99999 |
Default port for cfengine server
|
| serverfacility |
(menu option) |
LOG_USER,
LOG_DAEMON,
LOG_LOCAL0,
LOG_LOCAL1,
LOG_LOCAL2,
LOG_LOCAL3,
LOG_LOCAL4,
LOG_LOCAL5,
LOG_LOCAL6,
LOG_LOCAL7 |
Menu option for syslog facility level
|
| skipverify |
slist |
(arbitrary string) |
List of IPs or hostnames for which we expect no DNS binding and cannot verify
|
| trustkeysfrom |
slist |
(arbitrary string) |
List of IPs from whom we accept public keys on trust
|
COMPONENT monitor
PROMISE TYPE control
| forgetrate |
real |
0,1 |
Decimal fraction [0,1] weighting of new values over old in 2d-average computation
|
| monitorfacility |
(menu option) |
LOG_USER,
LOG_DAEMON,
LOG_LOCAL0,
LOG_LOCAL1,
LOG_LOCAL2,
LOG_LOCAL3,
LOG_LOCAL4,
LOG_LOCAL5,
LOG_LOCAL6,
LOG_LOCAL7 |
Menu option for syslog facility
|
| histograms |
(menu option) |
true,
false,
yes,
no,
on,
off |
Ignored, kept for backward compatibility
|
| tcpdump |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false use tcpdump if found
|
| tcpdumpcommand |
string |
"?(/.*) |
Path to the tcpdump command on this system
|
COMPONENT runagent
PROMISE TYPE control
| hosts |
slist |
(arbitrary string) |
List of host or IP addresses to attempt connection with
|
| port |
int |
1024,99999 |
Default port for cfengine server
|
| force_ipv4 |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false force use of ipv4 in connection
|
| trustkey |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false automatically accept all keys on trust from servers
|
| encrypt |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false encrypt connections with servers
|
| background_children |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false parallelize connections to servers
|
| max_children |
int |
0,99999999999 |
Maximum number of simultaneous connections to attempt
|
| output_to_file |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false whether to send collected output to file(s)
|
| output_directory |
string |
"?(/.*) |
Directory where the output is stored
|
| timeout |
int |
1,9999 |
Connection timeout, sec
|
COMPONENT executor
PROMISE TYPE control
| splaytime |
int |
0,99999999999 |
Time in minutes to splay this host based on its name hash
|
| mailfrom |
string |
.*@.* |
Email-address cfengine mail appears to come from
|
| mailto |
string |
.*@.* |
Email-address cfengine mail is sent to
|
| smtpserver |
string |
.* |
Name or IP of a willing smtp server for sending email
|
| mailmaxlines |
int |
0,1000 |
Maximum number of lines of output to send by email
|
| schedule |
slist |
(arbitrary string) |
The class schedule used by cf-execd for activating cf-agent
|
| executorfacility |
(menu option) |
LOG_USER,
LOG_DAEMON,
LOG_LOCAL0,
LOG_LOCAL1,
LOG_LOCAL2,
LOG_LOCAL3,
LOG_LOCAL4,
LOG_LOCAL5,
LOG_LOCAL6,
LOG_LOCAL7 |
Menu option for syslog facility level
|
| exec_command |
string |
"?(/.*) |
The full path and command to the executable run by default (overriding builtin)
|
COMPONENT knowledge
PROMISE TYPE control
| build_directory |
string |
.* |
The directory in which to generate output files
|
| document_root |
string |
.* |
The directory in which the web root resides
|
| generate_manual |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false generate texinfo manual page skeleton for this version
|
| graph_directory |
string |
"?(/.*) |
Path to directory where rendered .png files will be created
|
| graph_output |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false generate png visualization of topic map if possible (requires lib)
|
| html_banner |
string |
(arbitrary string) |
HTML code for a banner to be added to rendered in html after the header
|
| html_footer |
string |
(arbitrary string) |
HTML code for a page footer to be added to rendered in html before the end body tag
|
| id_prefix |
string |
.* |
The LTM identifier prefix used to label topic maps (used for disambiguation in merging)
|
| manual_source_directory |
string |
"?(/.*) |
Path to directory where raw text about manual topics is found (defaults to build_directory)
|
| query_engine |
string |
(arbitrary string) |
Name of a dynamic web-page used to accept and drive queries in a browser
|
| query_output |
(menu option) |
html,
text |
Menu option for generated output format
|
| sql_type |
(menu option) |
mysql,
postgres |
Menu option for supported database type
|
| sql_database |
string |
(arbitrary string) |
Name of database used for the topic map
|
| sql_owner |
string |
(arbitrary string) |
User id of sql database user
|
| sql_passwd |
string |
(arbitrary string) |
Embedded password for accessing sql database
|
| sql_server |
string |
(arbitrary string) |
Name or IP of database server (or localhost)
|
| sql_connection_db |
string |
(arbitrary string) |
The name of an existing database to connect to in order to create/manage other databases
|
| style_sheet |
string |
(arbitrary string) |
Name of a style-sheet to be used in rendering html output (added to headers)
|
| view_projections |
(menu option) |
true,
false,
yes,
no,
on,
off |
Perform view-projection analytics in graph generation
|
COMPONENT reporter
PROMISE TYPE control
| aggregation_point |
string |
"?(/.*) |
The root directory of the data cache for CMDB aggregation
|
| auto_scaling |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false whether to auto-scale graph output to optimize use of space
|
| build_directory |
string |
.* |
The directory in which to generate output files
|
| csv2xml |
slist |
(arbitrary string) |
A list of csv formatted files in the build directory to convert to simple xml
|
| error_bars |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false whether to generate error bars on graph output
|
| html_banner |
string |
(arbitrary string) |
HTML code for a banner to be added to rendered in html after the header
|
| html_embed |
(menu option) |
true,
false,
yes,
no,
on,
off |
If true, no header and footer tags will be added to html output
|
| html_footer |
string |
(arbitrary string) |
HTML code for a page footer to be added to rendered in html before the end body tag
|
| query_engine |
string |
(arbitrary string) |
Name of a dynamic web-page used to accept and drive queries in a browser
|
| reports |
(option list) |
all,
audit,
performance,
all_locks,
active_locks,
hashes,
classes,
last_seen,
monitor_now,
monitor_history,
monitor_summary,
compliance,
setuid,
file_changes,
installed_software,
software_patches,
value,
variables |
A list of reports that may be generated
|
| report_output |
(menu option) |
csv,
html,
text,
xml |
Menu option for generated output format. Applies only to text reports, graph data remain in xydy format.
|
| style_sheet |
string |
(arbitrary string) |
Name of a style-sheet to be used in rendering html output (added to headers)
|
| time_stamps |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false whether to generate timestamps in the output directory name
|
COMPONENT hub
PROMISE TYPE control
| export_zenoss |
(menu option) |
true,
false,
yes,
no,
on,
off |
Make data available for Zenoss integration in docroot/reports/summary.z
|
| federation |
slist |
(arbitrary string) |
The list of cfengine servers supporting constellation integration with this hub
|
| hub_schedule |
slist |
(arbitrary string) |
The class schedule used by cf-hub for report collation
|
| port |
int |
1024,99999 |
Default port for contacting hub nodes
|
Bundle types (software components)
COMPONENT common
Promise types for common bundles
PROMISE TYPE vars
| string |
string |
(arbitrary string) |
A scalar string
|
| int |
int |
-99999999999,9999999999 |
A scalar integer
|
| real |
real |
-9.99999E100,9.99999E100 |
A scalar real number
|
| slist |
slist |
(arbitrary string) |
A list of scalar strings
|
| ilist |
ilist |
-99999999999,9999999999 |
A list of integers
|
| rlist |
rlist |
-9.99999E100,9.99999E100 |
A list of real numbers
|
| policy |
(menu option) |
free,
overridable,
constant,
ifdefined |
The policy for (dis)allowing (re)definition of variables
|
PROMISE TYPE classes
| or |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with inclusive OR
|
| and |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with AND
|
| xor |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with XOR
|
| dist |
rlist |
-9.99999E100,9.99999E100 |
Generate a probabilistic class distribution (from strategies in cfengine 2)
|
| expression |
class |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Evaluate string expression of classes in normal form
|
| not |
class |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Evaluate the negation of string expression in normal form
|
| select_class |
rlist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Select one of the named list of classes to define based on host identity
|
PROMISE TYPE reports
| friend_pattern |
string |
(arbitrary string) |
Regular expression to keep selected hosts from the friends report list
|
| intermittency |
real |
0,1 |
Real number threshold [0,1] of intermittency about current peers, report above
|
| lastseen |
int |
0,99999999999 |
Integer time threshold in hours since current peers were last seen, report absence
|
| printfile |
(ext body) |
| file_to_print |
string |
"?(/.*) |
Path name to the file that is to be sent to standard output
|
| number_of_lines |
int |
0,99999999999 |
Integer maximum number of lines to print from selected file
|
|
| report_to_file |
string |
"?(/.*) |
The path and filename to which output should be appended
|
| showstate |
slist |
(arbitrary string) |
List of services about which status reports should be reported to standard output
|
PROMISE TYPE *
| action |
(ext body) |
| action_policy |
(menu option) |
fix,
warn,
nop |
Whether to repair or report about non-kept promises
|
| ifelapsed |
int |
0,99999999999 |
Number of minutes before next allowed assessment of promise
|
| expireafter |
int |
0,99999999999 |
Number of minutes before a repair action is interrupted and retried
|
| log_string |
string |
(arbitrary string) |
A message to be written to the log when a promise verification leads to a repair
|
| log_level |
(menu option) |
inform,
verbose,
error,
log |
The reporting level sent to syslog
|
| log_kept |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| log_priority |
(menu option) |
emergency,
alert,
critical,
error,
warning,
notice,
info,
debug |
The priority level of the log message, as interpreted by a syslog server
|
| log_repaired |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| log_failed |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| value_kept |
real |
-9.99999E100,9.99999E100 |
A real number value attributed to keeping this promise
|
| value_repaired |
real |
-9.99999E100,9.99999E100 |
A real number value attributed to reparing this promise
|
| value_notkept |
real |
-9.99999E100,9.99999E100 |
A real number value (possibly negative) attributed to not keeping this promise
|
| audit |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false switch for detailed audit records of this promise
|
| background |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false switch for parallelizing the promise repair
|
| report_level |
(menu option) |
inform,
verbose,
error,
log |
The reporting level for standard output for this promise
|
| measurement_class |
string |
(arbitrary string) |
If set performance will be measured and recorded under this identifier
|
|
| classes |
(ext body) |
| promise_repaired |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_failed |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_denied |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_timeout |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| promise_kept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| cancel_kept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is kept
|
| cancel_repaired |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is repaired
|
| cancel_notkept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is not kept for any reason
|
| kept_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a kept command-related promise
|
| repaired_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a repaired command-related promise
|
| failed_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a failed command-related promise
|
| persist_time |
int |
0,99999999999 |
A number of minutes the specified classes should remain active
|
| timer_policy |
(menu option) |
absolute,
reset |
Whether a persistent class restarts its counter when rediscovered
|
|
| ifvarclass |
string |
(arbitrary string) |
Extended classes ANDed with context
|
| handle |
string |
[a-zA-Z0-9_$(){}\[\].]+ |
A unique id-tag string for referring to this as a promisee elsewhere
|
| depends_on |
slist |
(arbitrary string) |
A list of promise handles that this promise builds on or depends on somehow (for knowledge management)
|
| comment |
string |
(arbitrary string) |
A comment about this promise's real intention that follows through the program
|
COMPONENT agent
Promise types for agent bundles
PROMISE TYPE vars
| string |
string |
(arbitrary string) |
A scalar string
|
| int |
int |
-99999999999,9999999999 |
A scalar integer
|
| real |
real |
-9.99999E100,9.99999E100 |
A scalar real number
|
| slist |
slist |
(arbitrary string) |
A list of scalar strings
|
| ilist |
ilist |
-99999999999,9999999999 |
A list of integers
|
| rlist |
rlist |
-9.99999E100,9.99999E100 |
A list of real numbers
|
| policy |
(menu option) |
free,
overridable,
constant,
ifdefined |
The policy for (dis)allowing (re)definition of variables
|
PROMISE TYPE classes
| or |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with inclusive OR
|
| and |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with AND
|
| xor |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with XOR
|
| dist |
rlist |
-9.99999E100,9.99999E100 |
Generate a probabilistic class distribution (from strategies in cfengine 2)
|
| expression |
class |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Evaluate string expression of classes in normal form
|
| not |
class |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Evaluate the negation of string expression in normal form
|
| select_class |
rlist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Select one of the named list of classes to define based on host identity
|
PROMISE TYPE reports
| friend_pattern |
string |
(arbitrary string) |
Regular expression to keep selected hosts from the friends report list
|
| intermittency |
real |
0,1 |
Real number threshold [0,1] of intermittency about current peers, report above
|
| lastseen |
int |
0,99999999999 |
Integer time threshold in hours since current peers were last seen, report absence
|
| printfile |
(ext body) |
| file_to_print |
string |
"?(/.*) |
Path name to the file that is to be sent to standard output
|
| number_of_lines |
int |
0,99999999999 |
Integer maximum number of lines to print from selected file
|
|
| report_to_file |
string |
"?(/.*) |
The path and filename to which output should be appended
|
| showstate |
slist |
(arbitrary string) |
List of services about which status reports should be reported to standard output
|
PROMISE TYPE *
| action |
(ext body) |
| action_policy |
(menu option) |
fix,
warn,
nop |
Whether to repair or report about non-kept promises
|
| ifelapsed |
int |
0,99999999999 |
Number of minutes before next allowed assessment of promise
|
| expireafter |
int |
0,99999999999 |
Number of minutes before a repair action is interrupted and retried
|
| log_string |
string |
(arbitrary string) |
A message to be written to the log when a promise verification leads to a repair
|
| log_level |
(menu option) |
inform,
verbose,
error,
log |
The reporting level sent to syslog
|
| log_kept |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| log_priority |
(menu option) |
emergency,
alert,
critical,
error,
warning,
notice,
info,
debug |
The priority level of the log message, as interpreted by a syslog server
|
| log_repaired |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| log_failed |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| value_kept |
real |
-9.99999E100,9.99999E100 |
A real number value attributed to keeping this promise
|
| value_repaired |
real |
-9.99999E100,9.99999E100 |
A real number value attributed to reparing this promise
|
| value_notkept |
real |
-9.99999E100,9.99999E100 |
A real number value (possibly negative) attributed to not keeping this promise
|
| audit |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false switch for detailed audit records of this promise
|
| background |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false switch for parallelizing the promise repair
|
| report_level |
(menu option) |
inform,
verbose,
error,
log |
The reporting level for standard output for this promise
|
| measurement_class |
string |
(arbitrary string) |
If set performance will be measured and recorded under this identifier
|
|
| classes |
(ext body) |
| promise_repaired |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_failed |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_denied |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_timeout |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| promise_kept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| cancel_kept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is kept
|
| cancel_repaired |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is repaired
|
| cancel_notkept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is not kept for any reason
|
| kept_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a kept command-related promise
|
| repaired_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a repaired command-related promise
|
| failed_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a failed command-related promise
|
| persist_time |
int |
0,99999999999 |
A number of minutes the specified classes should remain active
|
| timer_policy |
(menu option) |
absolute,
reset |
Whether a persistent class restarts its counter when rediscovered
|
|
| ifvarclass |
string |
(arbitrary string) |
Extended classes ANDed with context
|
| handle |
string |
[a-zA-Z0-9_$(){}\[\].]+ |
A unique id-tag string for referring to this as a promisee elsewhere
|
| depends_on |
slist |
(arbitrary string) |
A list of promise handles that this promise builds on or depends on somehow (for knowledge management)
|
| comment |
string |
(arbitrary string) |
A comment about this promise's real intention that follows through the program
|
PROMISE TYPE commands
| args |
string |
(arbitrary string) |
Alternative string of arguments for the command (concatenated with promiser string)
|
| contain |
(ext body) |
| useshell |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false embed the command in a shell environment (true)
|
| umask |
(menu option) |
0,
77,
22,
27,
72,
077,
022,
027,
072 |
The umask value for the child process
|
| exec_owner |
string |
(arbitrary string) |
The user name or id under which to run the process
|
| exec_group |
string |
(arbitrary string) |
The group name or id under which to run the process
|
| exec_timeout |
int |
1,3600 |
Timeout in seconds for command completion
|
| chdir |
string |
"?(/.*) |
Directory for setting current/base directory for the process
|
| chroot |
string |
"?(/.*) |
Directory of root sandbox for process
|
| preview |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false preview command when running in dry-run mode (with -n)
|
| no_output |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false discard all output from the command
|
|
| module |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false whether to expect the cfengine module protocol
|
PROMISE TYPE databases
| database_server |
(ext body) |
| db_server_owner |
string |
(arbitrary string) |
User name for database connection
|
| db_server_password |
string |
(arbitrary string) |
Clear text password for database connection
|
| db_server_host |
string |
(arbitrary string) |
Hostname or address for connection to database, blank means localhost
|
| db_server_type |
(menu option) |
postgres,
mysql |
The dialect of the database server
|
| db_server_connection_db |
string |
(arbitrary string) |
The name of an existing database to connect to in order to create/manage other databases
|
|
| database_type |
(menu option) |
sql,
ms_registry |
The type of database that is to be manipulated
|
| database_operation |
(menu option) |
create,
delete,
drop,
cache,
verify,
restore |
The nature of the promise - to be or not to be
|
| database_columns |
slist |
.* |
A list of column definitions to be promised by SQL databases
|
| database_rows |
slist |
.*,.* |
An ordered list of row values to be promised by SQL databases
|
| registry_exclude |
slist |
(arbitrary string) |
A list of regular expressions to ignore in key/value verification
|
PROMISE TYPE environments
| environment_host |
string |
[a-zA-Z0-9_$(){}.:-]+ |
A host for the virtual environment uniquely indicating which physical node will execute this machine
|
| environment_interface |
(ext body) |
| env_addresses |
slist |
(arbitrary string) |
The IP addresses of the environment's network interfaces
|
| env_name |
string |
(arbitrary string) |
The hostname of the virtual environment
|
| env_network |
string |
(arbitrary string) |
The hostname of the virtual network
|
|
| environment_resources |
(ext body) |
| env_cpus |
int |
0,99999999999 |
Number of virtual CPUs in the environment
|
| env_memory |
int |
0,99999999999 |
Amount of primary storage (RAM) in the virtual environment (KB)
|
| env_disk |
int |
0,99999999999 |
Amount of secondary storage (DISK) in the virtual environment (MB)
|
| env_baseline |
string |
"?(/.*) |
The path to an image with which to baseline the virtual environment
|
| env_spec_file |
string |
"?(/.*) |
The path to a file containing a technology specific set of promises for the virtual instance
|
|
| environment_state |
(menu option) |
create,
delete,
running,
suspended,
down |
The desired dynamical state of the specified environment
|
| environment_type |
(menu option) |
xen,
kvm,
esx,
test,
xen_net,
kvm_net,
esx_net,
test_net,
zone,
ec2,
eucalyptus |
Virtual environment type
|
PROMISE TYPE files
| acl |
(ext body) |
| aces |
slist |
((user|
group):[^:]+:[-=+,rwx()dtTabBpcoD]*(:(allow|
deny))?)|
((all|
mask):[-=+,rwx()]*(:(allow|
deny))?) |
Native settings for access control entry
|
| acl_directory_inherit |
(menu option) |
nochange,
parent,
specify,
clear |
Access control list type for the affected file system
|
| acl_method |
(menu option) |
append,
overwrite |
Editing method for access control list
|
| acl_type |
(menu option) |
generic,
posix,
ntfs |
Access control list type for the affected file system
|
| specify_inherit_aces |
slist |
((user|
group):[^:]+:[-=+,rwx()dtTabBpcoD]*(:(allow|
deny))?)|
((all|
mask):[-=+,rwx()]*(:(allow|
deny))?) |
Native settings for access control entry
|
|
| changes |
(ext body) |
| hash |
(menu option) |
md5,
sha1,
sha224,
sha256,
sha384,
sha512,
best |
Hash files for change detection
|
| report_changes |
(menu option) |
all,
stats,
content,
none |
Specify criteria for change warnings
|
| update_hashes |
(menu option) |
true,
false,
yes,
no,
on,
off |
Update hash values immediately after change warning
|
| report_diffs |
(menu option) |
true,
false,
yes,
no,
on,
off |
Generate reports summarizing the major differences between individual text files
|
|
| copy_from |
(ext body) |
| source |
string |
.+ |
Reference source file from which to copy
|
| servers |
slist |
[A-Za-z0-9_.:-]+ |
List of servers in order of preference from which to copy
|
| collapse_destination_dir |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false Place files in subdirectories into the root destination directory during copy
|
| compare |
(menu option) |
atime,
mtime,
ctime,
digest,
hash,
exists,
binary |
Menu option policy for comparing source and image file attributes
|
| copy_backup |
(menu option) |
true,
false,
timestamp |
Menu option policy for file backup/version control
|
| encrypt |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false use encrypted data stream to connect to remote host
|
| check_root |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false check permissions on the root directory when depth_search
|
| copylink_patterns |
slist |
(arbitrary string) |
List of patterns matching files that should be copied instead of linked
|
| copy_size |
irange [int,int] |
0,inf |
Integer range of file sizes that may be copied
|
| findertype |
(menu option) |
MacOSX |
Menu option for default finder type on MacOSX
|
| linkcopy_patterns |
slist |
(arbitrary string) |
List of patterns matching files that should be replaced with symbolic links
|
| link_type |
(menu option) |
symlink,
hardlink,
relative,
absolute |
Menu option for type of links to use when copying
|
| force_update |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false force copy update always
|
| force_ipv4 |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false force use of ipv4 on ipv6 enabled network
|
| portnumber |
int |
1024,99999 |
Port number to connect to on server host
|
| preserve |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false whether to preserve file permissions on copied file
|
| purge |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false purge files on client that do not match files on server when a depth_search is used
|
| stealth |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false whether to preserve time stamps on copied file
|
| timeout |
int |
1,3600 |
Connection timeout, seconds
|
| trustkey |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false trust public keys from remote server if previously unknown
|
| type_check |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false compare file types before copying and require match
|
| verify |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false verify transferred file by hashing after copy (resource penalty)
|
|
| create |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false whether to create non-existing file
|
| delete |
(ext body) |
| dirlinks |
(menu option) |
delete,
tidy,
keep |
Menu option policy for dealing with symbolic links to directories during deletion
|
| rmdirs |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false whether to delete empty directories during recursive deletion
|
|
| depth_search |
(ext body) |
| depth |
int |
0,99999999999 |
Maximum depth level for search
|
| exclude_dirs |
slist |
.* |
List of regexes of directory names NOT to include in depth search
|
| include_basedir |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false include the start/root dir of the search results
|
| include_dirs |
slist |
.* |
List of regexes of directory names to include in depth search
|
| rmdeadlinks |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false remove links that point to nowhere
|
| traverse_links |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false traverse symbolic links to directories (false)
|
| xdev |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false exclude directories that are on different devices
|
|
| edit_line |
(ext bundle) |
(Separate Bundle) |
| edit_xml |
(ext bundle) |
(Separate Bundle) |
| edit_defaults |
(ext body) |
| edit_backup |
(menu option) |
true,
false,
timestamp,
rotate |
Menu option for backup policy on edit changes
|
| empty_file_before_editing |
(menu option) |
true,
false,
yes,
no,
on,
off |
Baseline memory model of file to zero/empty before commencing promised edits
|
| max_file_size |
int |
0,99999999999 |
Do not edit files bigger than this number of bytes
|
| recognize_join |
(menu option) |
true,
false,
yes,
no,
on,
off |
Join together lines that end with a backslash, up to 4kB limit
|
|
| file_select |
(ext body) |
| leaf_name |
slist |
(arbitrary string) |
List of regexes that match an acceptable name
|
| path_name |
slist |
"?(/.*) |
List of pathnames to match acceptable target
|
| search_mode |
slist |
[0-7augorwxst,+-]+ |
A list of mode masks for acceptable file permissions
|
| search_size |
irange [int,int] |
0,inf |
Integer range of file sizes
|
| search_owners |
slist |
(arbitrary string) |
List of acceptable user names or ids for the file, or regexes to match
|
| search_groups |
slist |
(arbitrary string) |
List of acceptable group names or ids for the file, or regexes to match
|
| search_bsdflags |
slist |
[+-]*[(arch|
archived|
nodump|
opaque|
sappnd|
sappend|
schg|
schange|
simmutable|
sunlnk|
sunlink|
uappnd|
uappend|
uchg|
uchange|
uimmutable|
uunlnk|
uunlink)]+ |
String of flags for bsd file system flags expected set
|
| ctime |
irange [int,int] |
0,2147483647 |
Range of change times (ctime) for acceptable files
|
| mtime |
irange [int,int] |
0,2147483647 |
Range of modification times (mtime) for acceptable files
|
| atime |
irange [int,int] |
0,2147483647 |
Range of access times (atime) for acceptable files
|
| exec_regex |
string |
.* |
Matches file if this regular expression matches any full line returned by the command
|
| exec_program |
string |
"?(/.*) |
Execute this command on each file and match if the exit status is zero
|
| file_types |
(option list) |
plain,
reg,
symlink,
dir,
socket,
fifo,
door,
char,
block |
List of acceptable file types from menu choices
|
| issymlinkto |
slist |
(arbitrary string) |
List of regular expressions to match file objects
|
| file_result |
string |
[!*(leaf_name|
path_name|
file_types|
mode|
size|
owner|
group|
atime|
ctime|
mtime|
issymlinkto|
exec_regex|
exec_program|
bsdflags)[|
&.]*]* |
Logical expression combining classes defined by file search criteria
|
|
| link_from |
(ext body) |
| copy_patterns |
slist |
(arbitrary string) |
A set of patterns that should be copied ansd synchronized instead of linked
|
| link_children |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false whether to link all directory's children to source originals
|
| link_type |
(menu option) |
symlink,
hardlink,
relative,
absolute |
The type of link used to alias the file
|
| source |
string |
.+ |
The source file to which the link should point
|
| when_linking_children |
(menu option) |
override_file,
if_no_such_file |
Policy for overriding existing files when linking directories of children
|
| when_no_source |
(menu option) |
force,
delete,
nop |
Behaviour when the source file to link to does not exist
|
|
| move_obstructions |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false whether to move obstructions to file-object creation
|
| pathtype |
(menu option) |
literal,
regex,
guess |
Menu option for interpreting promiser file object
|
| perms |
(ext body) |
| bsdflags |
slist |
[+-]*[(arch|
archived|
nodump|
opaque|
sappnd|
sappend|
schg|
schange|
simmutable|
sunlnk|
sunlink|
uappnd|
uappend|
uchg|
uchange|
uimmutable|
uunlnk|
uunlink)]+ |
List of menu options for bsd file system flags to set
|
| groups |
slist |
[a-zA-Z0-9_$.-]+ |
List of acceptable groups of group ids, first is change target
|
| mode |
string |
[0-7augorwxst,+-]+ |
File permissions (like posix chmod)
|
| owners |
slist |
[a-zA-Z0-9_$.-]+ |
List of acceptable owners or user ids, first is change target
|
| rxdirs |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false add execute flag for directories if read flag is set
|
|
| rename |
(ext body) |
| disable |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false automatically rename and remove permissions
|
| disable_mode |
string |
[0-7augorwxst,+-]+ |
The permissions to set when a file is disabled
|
| disable_suffix |
string |
(arbitrary string) |
The suffix to add to files when disabling (.cfdisabled)
|
| newname |
string |
(arbitrary string) |
The desired name for the current file
|
| rotate |
int |
0,99 |
Maximum number of file rotations to keep
|
|
| repository |
string |
"?(/.*) |
Name of a repository for versioning
|
| touch |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false whether to touch time stamps on file
|
| transformer |
string |
"?(/.*) |
Command (with full path) used to transform current file (no shell wrapper used)
|
PROMISE TYPE interfaces
| tcp_ip |
(ext body) |
| ipv4_address |
string |
[0-9.]+/[0-4]+ |
IPv4 address for the interface
|
| ipv4_netmask |
string |
[0-9.]+/[0-4]+ |
Netmask for the interface
|
| ipv6_address |
string |
[0-9a-fA-F:]+/[0-9]+ |
IPv6 address for the interface
|
|
PROMISE TYPE methods
| usebundle |
(ext bundle) |
(Separate Bundle) |
PROMISE TYPE outputs
| output_level |
(menu option) |
verbose,
debug,
inform |
Output level to observe for the named promise or bundle (meta-promise)
|
| promiser_type |
(menu option) |
promise,
bundle |
Output level to observe for the named promise or bundle (meta-promise)
|
PROMISE TYPE packages
| package_architectures |
slist |
(arbitrary string) |
Select the architecture for package selection
|
| package_method |
(ext body) |
| package_add_command |
string |
"?(/.*) |
Command to install a package to the system
|
| package_arch_regex |
string |
(arbitrary string) |
Regular expression with one backreference to extract package architecture string
|
| package_changes |
(menu option) |
individual,
bulk |
Menu option - whether to group packages into a single aggregate command
|
| package_delete_command |
string |
"?(/.*) |
Command to remove a package from the system
|
| package_delete_convention |
string |
(arbitrary string) |
This is how the package manager expects the package to be referred to in the deletion part of a package update, e.g. $(name)
|
| package_file_repositories |
slist |
(arbitrary string) |
A list of machine-local directories to search for packages
|
| package_installed_regex |
string |
(arbitrary string) |
Regular expression which matches packages that are already installed
|
| package_list_arch_regex |
string |
(arbitrary string) |
Regular expression with one backreference to extract package architecture string
|
| package_list_command |
string |
"?(/.*) |
Command to obtain a list of available packages
|
| package_list_name_regex |
string |
(arbitrary string) |
Regular expression with one backreference to extract package name string
|
| package_list_update_command |
string |
(arbitrary string) |
Command to update the list of available packages (if any)
|
| package_list_update_ifelapsed |
int |
-99999999999,9999999999 |
The ifelapsed locking time in between updates of the package list
|
| package_list_version_regex |
string |
(arbitrary string) |
Regular expression with one backreference to extract package version string
|
| package_name_convention |
string |
(arbitrary string) |
This is how the package manager expects the package to be referred to, e.g. $(name).$(arch)
|
| package_name_regex |
string |
(arbitrary string) |
Regular expression with one backreference to extract package name string
|
| package_noverify_regex |
string |
(arbitrary string) |
Regular expression to match verification failure output
|
| package_noverify_returncode |
int |
-99999999999,9999999999 |
Integer return code indicating package verification failure
|
| package_patch_arch_regex |
string |
(arbitrary string) |
Regular expression with one backreference to extract update architecture string
|
| package_patch_command |
string |
"?(/.*) |
Command to update to the latest patch release of an installed package
|
| package_patch_installed_regex |
string |
(arbitrary string) |
Regular expression which matches packages that are already installed
|
| package_patch_list_command |
string |
"?(/.*) |
Command to obtain a list of available patches or updates
|
| package_patch_name_regex |
string |
(arbitrary string) |
Regular expression with one backreference to extract update name string
|
| package_patch_version_regex |
string |
(arbitrary string) |
Regular expression with one backreference to extract update version string
|
| package_update_command |
string |
"?(/.*) |
Command to update to the latest version a currently installed package
|
| package_verify_command |
string |
"?(/.*) |
Command to verify the correctness of an installed package
|
| package_version_regex |
string |
(arbitrary string) |
Regular expression with one backreference to extract package version string
|
| package_multiline_start |
string |
(arbitrary string) |
Regular expression which matches the start of a new package in multiline output
|
|
| package_policy |
(menu option) |
add,
delete,
reinstall,
update,
addupdate,
patch,
verify |
Criteria for package installation/upgrade on the current system
|
| package_select |
(menu option) |
>,
<,
==,
!=,
>=,
<= |
A criterion for first acceptable match relative to "package_version"
|
| package_version |
string |
(arbitrary string) |
Version reference point for determining promised version
|
PROMISE TYPE processes
| process_count |
(ext body) |
| in_range_define |
slist |
(arbitrary string) |
List of classes to define if the matches are in range
|
| match_range |
irange [int,int] |
0,99999999999 |
Integer range for acceptable number of matches for this process
|
| out_of_range_define |
slist |
(arbitrary string) |
List of classes to define if the matches are out of range
|
|
| process_select |
(ext body) |
| command |
string |
(arbitrary string) |
Regular expression matching the command/cmd field of a process
|
| pid |
irange [int,int] |
0,99999999999 |
Range of integers matching the process id of a process
|
| pgid |
irange [int,int] |
0,99999999999 |
Range of integers matching the parent group id of a process
|
| ppid |
irange [int,int] |
0,99999999999 |
Range of integers matching the parent process id of a process
|
| priority |
irange [int,int] |
-20,+20 |
Range of integers matching the priority field (PRI/NI) of a process
|
| process_owner |
slist |
(arbitrary string) |
List of regexes matching the user of a process
|
| process_result |
string |
[(process_owner|
pid|
ppid|
|
pgid|
rsize|
vsize|
status|
command|
ttime|
stime|
tty|
priority|
threads)[|
&!.]*]* |
Boolean class expression returning the logical combination of classes set by a process selection test
|
| rsize |
irange [int,int] |
0,99999999999 |
Range of integers matching the resident memory size of a process, in kilobytes
|
| status |
string |
(arbitrary string) |
Regular expression matching the status field of a process
|
| stime_range |
irange [int,int] |
0,2147483647 |
Range of integers matching the start time of a process
|
| ttime_range |
irange [int,int] |
0,2147483647 |
Range of integers matching the total elapsed time of a process
|
| tty |
string |
(arbitrary string) |
Regular expression matching the tty field of a process
|
| threads |
irange [int,int] |
0,99999999999 |
Range of integers matching the threads (NLWP) field of a process
|
| vsize |
irange [int,int] |
0,99999999999 |
Range of integers matching the virtual memory size of a process, in kilobytes
|
|
| process_stop |
string |
"?(/.*) |
A command used to stop a running process
|
| restart_class |
string |
[a-zA-Z0-9_$(){}\[\].]+ |
A class to be defined globally if the process is not running, so that a command: rule can be referred to restart the process
|
| signals |
(option list) |
hup,
int,
trap,
kill,
pipe,
cont,
abrt,
stop,
quit,
term,
child,
usr1,
usr2,
bus,
segv |
A list of menu options representing signals to be sent to a process
|
PROMISE TYPE services
| service_policy |
(menu option) |
start,
stop,
disable |
Policy for cfengine service status
|
| service_dependencies |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of services on which the named service abstraction depends
|
| service_method |
(ext body) |
| service_type |
(menu option) |
windows,
init,
inetd,
xinetd |
Service abstraction type
|
| service_args |
string |
(arbitrary string) |
Parameters for starting the service
|
| service_autostart_policy |
(menu option) |
none,
boot_time,
on_demand |
Should the service be started automatically by the OS
|
| service_dependence_chain |
(menu option) |
ignore,
start_parent_services,
stop_child_services,
all_related |
How to handle dependencies and dependent services
|
|
PROMISE TYPE storage
| mount |
(ext body) |
| edit_fstab |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false add or remove entries to the file system table ("fstab")
|
| mount_type |
(menu option) |
nfs,
nfs2,
nfs3,
nfs4 |
Protocol type of remote file system
|
| mount_source |
string |
"?(/.*) |
Path of remote file system to mount
|
| mount_server |
string |
(arbitrary string) |
Hostname or IP or remote file system server
|
| mount_options |
slist |
(arbitrary string) |
List of option strings to add to the file system table ("fstab")
|
| unmount |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false unmount a previously mounted filesystem
|
|
| volume |
(ext body) |
| check_foreign |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false verify storage that is mounted from a foreign system on this host
|
| freespace |
string |
[0-9]+[MBkKgGmb%] |
Absolute or percentage minimum disk space that should be available before warning
|
| sensible_size |
int |
0,99999999999 |
Minimum size in bytes that should be used on a sensible-looking storage device
|
| sensible_count |
int |
0,99999999999 |
Minimum number of files that should be defined on a sensible-looking storage device
|
| scan_arrivals |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false generate pseudo-periodic disk change arrival distribution
|
|
COMPONENT server
Promise types for server bundles
PROMISE TYPE vars
| string |
string |
(arbitrary string) |
A scalar string
|
| int |
int |
-99999999999,9999999999 |
A scalar integer
|
| real |
real |
-9.99999E100,9.99999E100 |
A scalar real number
|
| slist |
slist |
(arbitrary string) |
A list of scalar strings
|
| ilist |
ilist |
-99999999999,9999999999 |
A list of integers
|
| rlist |
rlist |
-9.99999E100,9.99999E100 |
A list of real numbers
|
| policy |
(menu option) |
free,
overridable,
constant,
ifdefined |
The policy for (dis)allowing (re)definition of variables
|
PROMISE TYPE classes
| or |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with inclusive OR
|
| and |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with AND
|
| xor |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with XOR
|
| dist |
rlist |
-9.99999E100,9.99999E100 |
Generate a probabilistic class distribution (from strategies in cfengine 2)
|
| expression |
class |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Evaluate string expression of classes in normal form
|
| not |
class |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Evaluate the negation of string expression in normal form
|
| select_class |
rlist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Select one of the named list of classes to define based on host identity
|
PROMISE TYPE reports
| friend_pattern |
string |
(arbitrary string) |
Regular expression to keep selected hosts from the friends report list
|
| intermittency |
real |
0,1 |
Real number threshold [0,1] of intermittency about current peers, report above
|
| lastseen |
int |
0,99999999999 |
Integer time threshold in hours since current peers were last seen, report absence
|
| printfile |
(ext body) |
| file_to_print |
string |
"?(/.*) |
Path name to the file that is to be sent to standard output
|
| number_of_lines |
int |
0,99999999999 |
Integer maximum number of lines to print from selected file
|
|
| report_to_file |
string |
"?(/.*) |
The path and filename to which output should be appended
|
| showstate |
slist |
(arbitrary string) |
List of services about which status reports should be reported to standard output
|
PROMISE TYPE *
| action |
(ext body) |
| action_policy |
(menu option) |
fix,
warn,
nop |
Whether to repair or report about non-kept promises
|
| ifelapsed |
int |
0,99999999999 |
Number of minutes before next allowed assessment of promise
|
| expireafter |
int |
0,99999999999 |
Number of minutes before a repair action is interrupted and retried
|
| log_string |
string |
(arbitrary string) |
A message to be written to the log when a promise verification leads to a repair
|
| log_level |
(menu option) |
inform,
verbose,
error,
log |
The reporting level sent to syslog
|
| log_kept |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| log_priority |
(menu option) |
emergency,
alert,
critical,
error,
warning,
notice,
info,
debug |
The priority level of the log message, as interpreted by a syslog server
|
| log_repaired |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| log_failed |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| value_kept |
real |
-9.99999E100,9.99999E100 |
A real number value attributed to keeping this promise
|
| value_repaired |
real |
-9.99999E100,9.99999E100 |
A real number value attributed to reparing this promise
|
| value_notkept |
real |
-9.99999E100,9.99999E100 |
A real number value (possibly negative) attributed to not keeping this promise
|
| audit |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false switch for detailed audit records of this promise
|
| background |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false switch for parallelizing the promise repair
|
| report_level |
(menu option) |
inform,
verbose,
error,
log |
The reporting level for standard output for this promise
|
| measurement_class |
string |
(arbitrary string) |
If set performance will be measured and recorded under this identifier
|
|
| classes |
(ext body) |
| promise_repaired |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_failed |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_denied |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_timeout |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| promise_kept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| cancel_kept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is kept
|
| cancel_repaired |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is repaired
|
| cancel_notkept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is not kept for any reason
|
| kept_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a kept command-related promise
|
| repaired_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a repaired command-related promise
|
| failed_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a failed command-related promise
|
| persist_time |
int |
0,99999999999 |
A number of minutes the specified classes should remain active
|
| timer_policy |
(menu option) |
absolute,
reset |
Whether a persistent class restarts its counter when rediscovered
|
|
| ifvarclass |
string |
(arbitrary string) |
Extended classes ANDed with context
|
| handle |
string |
[a-zA-Z0-9_$(){}\[\].]+ |
A unique id-tag string for referring to this as a promisee elsewhere
|
| depends_on |
slist |
(arbitrary string) |
A list of promise handles that this promise builds on or depends on somehow (for knowledge management)
|
| comment |
string |
(arbitrary string) |
A comment about this promise's real intention that follows through the program
|
PROMISE TYPE access
| admit |
slist |
(arbitrary string) |
List of host names or IP addresses to grant access to file objects
|
| deny |
slist |
(arbitrary string) |
List of host names or IP addresses to deny access to file objects
|
| maproot |
slist |
(arbitrary string) |
List of host names or IP addresses to grant full read-privilege on the server
|
| ifencrypted |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false whether the current file access promise is conditional on the connection from the client being encrypted
|
| resource_type |
(menu option) |
path,
literal,
context,
query |
The type of object being granted access (the default grants access to files)
|
PROMISE TYPE roles
| authorize |
slist |
(arbitrary string) |
List of public-key user names that are allowed to activate the promised class during remote agent activation
|
COMPONENT monitor
Promise types for monitor bundles
PROMISE TYPE vars
| string |
string |
(arbitrary string) |
A scalar string
|
| int |
int |
-99999999999,9999999999 |
A scalar integer
|
| real |
real |
-9.99999E100,9.99999E100 |
A scalar real number
|
| slist |
slist |
(arbitrary string) |
A list of scalar strings
|
| ilist |
ilist |
-99999999999,9999999999 |
A list of integers
|
| rlist |
rlist |
-9.99999E100,9.99999E100 |
A list of real numbers
|
| policy |
(menu option) |
free,
overridable,
constant,
ifdefined |
The policy for (dis)allowing (re)definition of variables
|
PROMISE TYPE classes
| or |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with inclusive OR
|
| and |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with AND
|
| xor |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with XOR
|
| dist |
rlist |
-9.99999E100,9.99999E100 |
Generate a probabilistic class distribution (from strategies in cfengine 2)
|
| expression |
class |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Evaluate string expression of classes in normal form
|
| not |
class |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Evaluate the negation of string expression in normal form
|
| select_class |
rlist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Select one of the named list of classes to define based on host identity
|
PROMISE TYPE reports
| friend_pattern |
string |
(arbitrary string) |
Regular expression to keep selected hosts from the friends report list
|
| intermittency |
real |
0,1 |
Real number threshold [0,1] of intermittency about current peers, report above
|
| lastseen |
int |
0,99999999999 |
Integer time threshold in hours since current peers were last seen, report absence
|
| printfile |
(ext body) |
| file_to_print |
string |
"?(/.*) |
Path name to the file that is to be sent to standard output
|
| number_of_lines |
int |
0,99999999999 |
Integer maximum number of lines to print from selected file
|
|
| report_to_file |
string |
"?(/.*) |
The path and filename to which output should be appended
|
| showstate |
slist |
(arbitrary string) |
List of services about which status reports should be reported to standard output
|
PROMISE TYPE *
| action |
(ext body) |
| action_policy |
(menu option) |
fix,
warn,
nop |
Whether to repair or report about non-kept promises
|
| ifelapsed |
int |
0,99999999999 |
Number of minutes before next allowed assessment of promise
|
| expireafter |
int |
0,99999999999 |
Number of minutes before a repair action is interrupted and retried
|
| log_string |
string |
(arbitrary string) |
A message to be written to the log when a promise verification leads to a repair
|
| log_level |
(menu option) |
inform,
verbose,
error,
log |
The reporting level sent to syslog
|
| log_kept |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| log_priority |
(menu option) |
emergency,
alert,
critical,
error,
warning,
notice,
info,
debug |
The priority level of the log message, as interpreted by a syslog server
|
| log_repaired |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| log_failed |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| value_kept |
real |
-9.99999E100,9.99999E100 |
A real number value attributed to keeping this promise
|
| value_repaired |
real |
-9.99999E100,9.99999E100 |
A real number value attributed to reparing this promise
|
| value_notkept |
real |
-9.99999E100,9.99999E100 |
A real number value (possibly negative) attributed to not keeping this promise
|
| audit |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false switch for detailed audit records of this promise
|
| background |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false switch for parallelizing the promise repair
|
| report_level |
(menu option) |
inform,
verbose,
error,
log |
The reporting level for standard output for this promise
|
| measurement_class |
string |
(arbitrary string) |
If set performance will be measured and recorded under this identifier
|
|
| classes |
(ext body) |
| promise_repaired |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_failed |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_denied |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_timeout |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| promise_kept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| cancel_kept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is kept
|
| cancel_repaired |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is repaired
|
| cancel_notkept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is not kept for any reason
|
| kept_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a kept command-related promise
|
| repaired_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a repaired command-related promise
|
| failed_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a failed command-related promise
|
| persist_time |
int |
0,99999999999 |
A number of minutes the specified classes should remain active
|
| timer_policy |
(menu option) |
absolute,
reset |
Whether a persistent class restarts its counter when rediscovered
|
|
| ifvarclass |
string |
(arbitrary string) |
Extended classes ANDed with context
|
| handle |
string |
[a-zA-Z0-9_$(){}\[\].]+ |
A unique id-tag string for referring to this as a promisee elsewhere
|
| depends_on |
slist |
(arbitrary string) |
A list of promise handles that this promise builds on or depends on somehow (for knowledge management)
|
| comment |
string |
(arbitrary string) |
A comment about this promise's real intention that follows through the program
|
PROMISE TYPE measurements
| stream_type |
(menu option) |
pipe,
file |
The datatype being collected.
|
| data_type |
(menu option) |
counter,
int,
real,
string,
slist |
The datatype being collected.
|
| history_type |
(menu option) |
weekly,
scalar,
static,
log |
Whether the data can be seen as a time-series or just an isolated value
|
| units |
string |
(arbitrary string) |
The engineering dimensions of this value or a note about its intent used in plots
|
| match_value |
(ext body) |
| select_line_matching |
string |
.* |
Regular expression for matching line location
|
| select_line_number |
int |
0,99999999999 |
Read from the n-th line of the output (fixed format)
|
| extraction_regex |
string |
(arbitrary string) |
Regular expression that should contain a single backreference for extracting a value
|
| track_growing_file |
(menu option) |
true,
false,
yes,
no,
on,
off |
If true, cfengine remembers the position to which
is last read when opening the file, and resets to the start if the file
has since been truncated
|
|
COMPONENT runagent
Promise types for runagent bundles
PROMISE TYPE vars
| string |
string |
(arbitrary string) |
A scalar string
|
| int |
int |
-99999999999,9999999999 |
A scalar integer
|
| real |
real |
-9.99999E100,9.99999E100 |
A scalar real number
|
| slist |
slist |
(arbitrary string) |
A list of scalar strings
|
| ilist |
ilist |
-99999999999,9999999999 |
A list of integers
|
| rlist |
rlist |
-9.99999E100,9.99999E100 |
A list of real numbers
|
| policy |
(menu option) |
free,
overridable,
constant,
ifdefined |
The policy for (dis)allowing (re)definition of variables
|
PROMISE TYPE classes
| or |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with inclusive OR
|
| and |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with AND
|
| xor |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with XOR
|
| dist |
rlist |
-9.99999E100,9.99999E100 |
Generate a probabilistic class distribution (from strategies in cfengine 2)
|
| expression |
class |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Evaluate string expression of classes in normal form
|
| not |
class |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Evaluate the negation of string expression in normal form
|
| select_class |
rlist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Select one of the named list of classes to define based on host identity
|
PROMISE TYPE reports
| friend_pattern |
string |
(arbitrary string) |
Regular expression to keep selected hosts from the friends report list
|
| intermittency |
real |
0,1 |
Real number threshold [0,1] of intermittency about current peers, report above
|
| lastseen |
int |
0,99999999999 |
Integer time threshold in hours since current peers were last seen, report absence
|
| printfile |
(ext body) |
| file_to_print |
string |
"?(/.*) |
Path name to the file that is to be sent to standard output
|
| number_of_lines |
int |
0,99999999999 |
Integer maximum number of lines to print from selected file
|
|
| report_to_file |
string |
"?(/.*) |
The path and filename to which output should be appended
|
| showstate |
slist |
(arbitrary string) |
List of services about which status reports should be reported to standard output
|
PROMISE TYPE *
| action |
(ext body) |
| action_policy |
(menu option) |
fix,
warn,
nop |
Whether to repair or report about non-kept promises
|
| ifelapsed |
int |
0,99999999999 |
Number of minutes before next allowed assessment of promise
|
| expireafter |
int |
0,99999999999 |
Number of minutes before a repair action is interrupted and retried
|
| log_string |
string |
(arbitrary string) |
A message to be written to the log when a promise verification leads to a repair
|
| log_level |
(menu option) |
inform,
verbose,
error,
log |
The reporting level sent to syslog
|
| log_kept |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| log_priority |
(menu option) |
emergency,
alert,
critical,
error,
warning,
notice,
info,
debug |
The priority level of the log message, as interpreted by a syslog server
|
| log_repaired |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| log_failed |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| value_kept |
real |
-9.99999E100,9.99999E100 |
A real number value attributed to keeping this promise
|
| value_repaired |
real |
-9.99999E100,9.99999E100 |
A real number value attributed to reparing this promise
|
| value_notkept |
real |
-9.99999E100,9.99999E100 |
A real number value (possibly negative) attributed to not keeping this promise
|
| audit |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false switch for detailed audit records of this promise
|
| background |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false switch for parallelizing the promise repair
|
| report_level |
(menu option) |
inform,
verbose,
error,
log |
The reporting level for standard output for this promise
|
| measurement_class |
string |
(arbitrary string) |
If set performance will be measured and recorded under this identifier
|
|
| classes |
(ext body) |
| promise_repaired |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_failed |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_denied |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_timeout |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| promise_kept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| cancel_kept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is kept
|
| cancel_repaired |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is repaired
|
| cancel_notkept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is not kept for any reason
|
| kept_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a kept command-related promise
|
| repaired_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a repaired command-related promise
|
| failed_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a failed command-related promise
|
| persist_time |
int |
0,99999999999 |
A number of minutes the specified classes should remain active
|
| timer_policy |
(menu option) |
absolute,
reset |
Whether a persistent class restarts its counter when rediscovered
|
|
| ifvarclass |
string |
(arbitrary string) |
Extended classes ANDed with context
|
| handle |
string |
[a-zA-Z0-9_$(){}\[\].]+ |
A unique id-tag string for referring to this as a promisee elsewhere
|
| depends_on |
slist |
(arbitrary string) |
A list of promise handles that this promise builds on or depends on somehow (for knowledge management)
|
| comment |
string |
(arbitrary string) |
A comment about this promise's real intention that follows through the program
|
COMPONENT executor
Promise types for executor bundles
PROMISE TYPE vars
| string |
string |
(arbitrary string) |
A scalar string
|
| int |
int |
-99999999999,9999999999 |
A scalar integer
|
| real |
real |
-9.99999E100,9.99999E100 |
A scalar real number
|
| slist |
slist |
(arbitrary string) |
A list of scalar strings
|
| ilist |
ilist |
-99999999999,9999999999 |
A list of integers
|
| rlist |
rlist |
-9.99999E100,9.99999E100 |
A list of real numbers
|
| policy |
(menu option) |
free,
overridable,
constant,
ifdefined |
The policy for (dis)allowing (re)definition of variables
|
PROMISE TYPE classes
| or |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with inclusive OR
|
| and |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with AND
|
| xor |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with XOR
|
| dist |
rlist |
-9.99999E100,9.99999E100 |
Generate a probabilistic class distribution (from strategies in cfengine 2)
|
| expression |
class |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Evaluate string expression of classes in normal form
|
| not |
class |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Evaluate the negation of string expression in normal form
|
| select_class |
rlist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Select one of the named list of classes to define based on host identity
|
PROMISE TYPE reports
| friend_pattern |
string |
(arbitrary string) |
Regular expression to keep selected hosts from the friends report list
|
| intermittency |
real |
0,1 |
Real number threshold [0,1] of intermittency about current peers, report above
|
| lastseen |
int |
0,99999999999 |
Integer time threshold in hours since current peers were last seen, report absence
|
| printfile |
(ext body) |
| file_to_print |
string |
"?(/.*) |
Path name to the file that is to be sent to standard output
|
| number_of_lines |
int |
0,99999999999 |
Integer maximum number of lines to print from selected file
|
|
| report_to_file |
string |
"?(/.*) |
The path and filename to which output should be appended
|
| showstate |
slist |
(arbitrary string) |
List of services about which status reports should be reported to standard output
|
PROMISE TYPE *
| action |
(ext body) |
| action_policy |
(menu option) |
fix,
warn,
nop |
Whether to repair or report about non-kept promises
|
| ifelapsed |
int |
0,99999999999 |
Number of minutes before next allowed assessment of promise
|
| expireafter |
int |
0,99999999999 |
Number of minutes before a repair action is interrupted and retried
|
| log_string |
string |
(arbitrary string) |
A message to be written to the log when a promise verification leads to a repair
|
| log_level |
(menu option) |
inform,
verbose,
error,
log |
The reporting level sent to syslog
|
| log_kept |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| log_priority |
(menu option) |
emergency,
alert,
critical,
error,
warning,
notice,
info,
debug |
The priority level of the log message, as interpreted by a syslog server
|
| log_repaired |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| log_failed |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| value_kept |
real |
-9.99999E100,9.99999E100 |
A real number value attributed to keeping this promise
|
| value_repaired |
real |
-9.99999E100,9.99999E100 |
A real number value attributed to reparing this promise
|
| value_notkept |
real |
-9.99999E100,9.99999E100 |
A real number value (possibly negative) attributed to not keeping this promise
|
| audit |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false switch for detailed audit records of this promise
|
| background |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false switch for parallelizing the promise repair
|
| report_level |
(menu option) |
inform,
verbose,
error,
log |
The reporting level for standard output for this promise
|
| measurement_class |
string |
(arbitrary string) |
If set performance will be measured and recorded under this identifier
|
|
| classes |
(ext body) |
| promise_repaired |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_failed |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_denied |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_timeout |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| promise_kept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| cancel_kept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is kept
|
| cancel_repaired |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is repaired
|
| cancel_notkept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is not kept for any reason
|
| kept_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a kept command-related promise
|
| repaired_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a repaired command-related promise
|
| failed_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a failed command-related promise
|
| persist_time |
int |
0,99999999999 |
A number of minutes the specified classes should remain active
|
| timer_policy |
(menu option) |
absolute,
reset |
Whether a persistent class restarts its counter when rediscovered
|
|
| ifvarclass |
string |
(arbitrary string) |
Extended classes ANDed with context
|
| handle |
string |
[a-zA-Z0-9_$(){}\[\].]+ |
A unique id-tag string for referring to this as a promisee elsewhere
|
| depends_on |
slist |
(arbitrary string) |
A list of promise handles that this promise builds on or depends on somehow (for knowledge management)
|
| comment |
string |
(arbitrary string) |
A comment about this promise's real intention that follows through the program
|
COMPONENT knowledge
Promise types for knowledge bundles
PROMISE TYPE vars
| string |
string |
(arbitrary string) |
A scalar string
|
| int |
int |
-99999999999,9999999999 |
A scalar integer
|
| real |
real |
-9.99999E100,9.99999E100 |
A scalar real number
|
| slist |
slist |
(arbitrary string) |
A list of scalar strings
|
| ilist |
ilist |
-99999999999,9999999999 |
A list of integers
|
| rlist |
rlist |
-9.99999E100,9.99999E100 |
A list of real numbers
|
| policy |
(menu option) |
free,
overridable,
constant,
ifdefined |
The policy for (dis)allowing (re)definition of variables
|
PROMISE TYPE classes
| or |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with inclusive OR
|
| and |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with AND
|
| xor |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with XOR
|
| dist |
rlist |
-9.99999E100,9.99999E100 |
Generate a probabilistic class distribution (from strategies in cfengine 2)
|
| expression |
class |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Evaluate string expression of classes in normal form
|
| not |
class |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Evaluate the negation of string expression in normal form
|
| select_class |
rlist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Select one of the named list of classes to define based on host identity
|
PROMISE TYPE reports
| friend_pattern |
string |
(arbitrary string) |
Regular expression to keep selected hosts from the friends report list
|
| intermittency |
real |
0,1 |
Real number threshold [0,1] of intermittency about current peers, report above
|
| lastseen |
int |
0,99999999999 |
Integer time threshold in hours since current peers were last seen, report absence
|
| printfile |
(ext body) |
| file_to_print |
string |
"?(/.*) |
Path name to the file that is to be sent to standard output
|
| number_of_lines |
int |
0,99999999999 |
Integer maximum number of lines to print from selected file
|
|
| report_to_file |
string |
"?(/.*) |
The path and filename to which output should be appended
|
| showstate |
slist |
(arbitrary string) |
List of services about which status reports should be reported to standard output
|
PROMISE TYPE *
| action |
(ext body) |
| action_policy |
(menu option) |
fix,
warn,
nop |
Whether to repair or report about non-kept promises
|
| ifelapsed |
int |
0,99999999999 |
Number of minutes before next allowed assessment of promise
|
| expireafter |
int |
0,99999999999 |
Number of minutes before a repair action is interrupted and retried
|
| log_string |
string |
(arbitrary string) |
A message to be written to the log when a promise verification leads to a repair
|
| log_level |
(menu option) |
inform,
verbose,
error,
log |
The reporting level sent to syslog
|
| log_kept |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| log_priority |
(menu option) |
emergency,
alert,
critical,
error,
warning,
notice,
info,
debug |
The priority level of the log message, as interpreted by a syslog server
|
| log_repaired |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| log_failed |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| value_kept |
real |
-9.99999E100,9.99999E100 |
A real number value attributed to keeping this promise
|
| value_repaired |
real |
-9.99999E100,9.99999E100 |
A real number value attributed to reparing this promise
|
| value_notkept |
real |
-9.99999E100,9.99999E100 |
A real number value (possibly negative) attributed to not keeping this promise
|
| audit |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false switch for detailed audit records of this promise
|
| background |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false switch for parallelizing the promise repair
|
| report_level |
(menu option) |
inform,
verbose,
error,
log |
The reporting level for standard output for this promise
|
| measurement_class |
string |
(arbitrary string) |
If set performance will be measured and recorded under this identifier
|
|
| classes |
(ext body) |
| promise_repaired |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_failed |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_denied |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_timeout |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| promise_kept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| cancel_kept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is kept
|
| cancel_repaired |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is repaired
|
| cancel_notkept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is not kept for any reason
|
| kept_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a kept command-related promise
|
| repaired_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a repaired command-related promise
|
| failed_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a failed command-related promise
|
| persist_time |
int |
0,99999999999 |
A number of minutes the specified classes should remain active
|
| timer_policy |
(menu option) |
absolute,
reset |
Whether a persistent class restarts its counter when rediscovered
|
|
| ifvarclass |
string |
(arbitrary string) |
Extended classes ANDed with context
|
| handle |
string |
[a-zA-Z0-9_$(){}\[\].]+ |
A unique id-tag string for referring to this as a promisee elsewhere
|
| depends_on |
slist |
(arbitrary string) |
A list of promise handles that this promise builds on or depends on somehow (for knowledge management)
|
| comment |
string |
(arbitrary string) |
A comment about this promise's real intention that follows through the program
|
PROMISE TYPE inferences
| precedents |
slist |
(arbitrary string) |
The foundational vector for a trinary inference
|
| qualifiers |
slist |
(arbitrary string) |
The second vector in a trinary inference
|
PROMISE TYPE things
| synonyms |
slist |
(arbitrary string) |
A list of words to be treated as equivalents in the defined context
|
| affects |
slist |
(arbitrary string) |
Special fixed relation for describing topics that are things
|
| belongs_to |
slist |
(arbitrary string) |
Special fixed relation for describing topics that are things
|
| caused_by |
slist |
(arbitrary string) |
Special fixed relation for describing topics that are things
|
| causes |
slist |
(arbitrary string) |
Special fixed relation for describing topics that are things
|
| certainty |
(menu option) |
certain,
uncertain,
possible |
Selects the level of certainty for the proposed knowledge, for use in inferential reasoning
|
| determines |
slist |
(arbitrary string) |
Special fixed relation for describing topics that are things
|
| generalizations |
slist |
(arbitrary string) |
A list of words to be treated as super-sets for the current topic, used when reasoning
|
| is_connected_to |
slist |
(arbitrary string) |
Special fixed relation for describing topics that are things
|
| is_located_in |
slist |
(arbitrary string) |
Special fixed relation for describing topics that are things
|
| is_part_of |
slist |
(arbitrary string) |
Special fixed relation for describing topics that are things
|
| needs |
slist |
(arbitrary string) |
Special fixed relation for describing topics that are things
|
| provides |
slist |
(arbitrary string) |
Special fixed relation for describing topics that are things
|
| uses |
slist |
(arbitrary string) |
Special fixed relation for describing topics that are things
|
PROMISE TYPE topics
| association |
(ext body) |
| forward_relationship |
string |
(arbitrary string) |
Name of forward association between promiser topic and associates
|
| backward_relationship |
string |
(arbitrary string) |
Name of backward/inverse association from associates to promiser topic
|
| associates |
slist |
(arbitrary string) |
List of associated topics by this forward relationship
|
|
| synonyms |
slist |
(arbitrary string) |
A list of words to be treated as equivalents in the defined context
|
| generalizations |
slist |
(arbitrary string) |
A list of words to be treated as super-sets for the current topic, used when reasoning
|
PROMISE TYPE occurrences
| represents |
slist |
(arbitrary string) |
List of subtopics that explains the type(s) of information represented by the occurrence
|
| representation |
(menu option) |
literal,
url,
db,
file,
web,
image,
portal |
How to interpret the promiser string e.g. actual data or reference to data
|
| web_root |
string |
(arbitrary string) |
Base URL of the occurrence when rendered as a web-URL (deprecated)
|
| path_root |
string |
(arbitrary string) |
Base path of the occurrence when locating file (deprecated)
|
COMPONENT reporter
Promise types for reporter bundles
PROMISE TYPE vars
| string |
string |
(arbitrary string) |
A scalar string
|
| int |
int |
-99999999999,9999999999 |
A scalar integer
|
| real |
real |
-9.99999E100,9.99999E100 |
A scalar real number
|
| slist |
slist |
(arbitrary string) |
A list of scalar strings
|
| ilist |
ilist |
-99999999999,9999999999 |
A list of integers
|
| rlist |
rlist |
-9.99999E100,9.99999E100 |
A list of real numbers
|
| policy |
(menu option) |
free,
overridable,
constant,
ifdefined |
The policy for (dis)allowing (re)definition of variables
|
PROMISE TYPE classes
| or |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with inclusive OR
|
| and |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with AND
|
| xor |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with XOR
|
| dist |
rlist |
-9.99999E100,9.99999E100 |
Generate a probabilistic class distribution (from strategies in cfengine 2)
|
| expression |
class |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Evaluate string expression of classes in normal form
|
| not |
class |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Evaluate the negation of string expression in normal form
|
| select_class |
rlist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Select one of the named list of classes to define based on host identity
|
PROMISE TYPE reports
| friend_pattern |
string |
(arbitrary string) |
Regular expression to keep selected hosts from the friends report list
|
| intermittency |
real |
0,1 |
Real number threshold [0,1] of intermittency about current peers, report above
|
| lastseen |
int |
0,99999999999 |
Integer time threshold in hours since current peers were last seen, report absence
|
| printfile |
(ext body) |
| file_to_print |
string |
"?(/.*) |
Path name to the file that is to be sent to standard output
|
| number_of_lines |
int |
0,99999999999 |
Integer maximum number of lines to print from selected file
|
|
| report_to_file |
string |
"?(/.*) |
The path and filename to which output should be appended
|
| showstate |
slist |
(arbitrary string) |
List of services about which status reports should be reported to standard output
|
PROMISE TYPE *
| action |
(ext body) |
| action_policy |
(menu option) |
fix,
warn,
nop |
Whether to repair or report about non-kept promises
|
| ifelapsed |
int |
0,99999999999 |
Number of minutes before next allowed assessment of promise
|
| expireafter |
int |
0,99999999999 |
Number of minutes before a repair action is interrupted and retried
|
| log_string |
string |
(arbitrary string) |
A message to be written to the log when a promise verification leads to a repair
|
| log_level |
(menu option) |
inform,
verbose,
error,
log |
The reporting level sent to syslog
|
| log_kept |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| log_priority |
(menu option) |
emergency,
alert,
critical,
error,
warning,
notice,
info,
debug |
The priority level of the log message, as interpreted by a syslog server
|
| log_repaired |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| log_failed |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| value_kept |
real |
-9.99999E100,9.99999E100 |
A real number value attributed to keeping this promise
|
| value_repaired |
real |
-9.99999E100,9.99999E100 |
A real number value attributed to reparing this promise
|
| value_notkept |
real |
-9.99999E100,9.99999E100 |
A real number value (possibly negative) attributed to not keeping this promise
|
| audit |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false switch for detailed audit records of this promise
|
| background |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false switch for parallelizing the promise repair
|
| report_level |
(menu option) |
inform,
verbose,
error,
log |
The reporting level for standard output for this promise
|
| measurement_class |
string |
(arbitrary string) |
If set performance will be measured and recorded under this identifier
|
|
| classes |
(ext body) |
| promise_repaired |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_failed |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_denied |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_timeout |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| promise_kept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| cancel_kept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is kept
|
| cancel_repaired |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is repaired
|
| cancel_notkept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is not kept for any reason
|
| kept_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a kept command-related promise
|
| repaired_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a repaired command-related promise
|
| failed_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a failed command-related promise
|
| persist_time |
int |
0,99999999999 |
A number of minutes the specified classes should remain active
|
| timer_policy |
(menu option) |
absolute,
reset |
Whether a persistent class restarts its counter when rediscovered
|
|
| ifvarclass |
string |
(arbitrary string) |
Extended classes ANDed with context
|
| handle |
string |
[a-zA-Z0-9_$(){}\[\].]+ |
A unique id-tag string for referring to this as a promisee elsewhere
|
| depends_on |
slist |
(arbitrary string) |
A list of promise handles that this promise builds on or depends on somehow (for knowledge management)
|
| comment |
string |
(arbitrary string) |
A comment about this promise's real intention that follows through the program
|
COMPONENT hub
Promise types for hub bundles
PROMISE TYPE vars
| string |
string |
(arbitrary string) |
A scalar string
|
| int |
int |
-99999999999,9999999999 |
A scalar integer
|
| real |
real |
-9.99999E100,9.99999E100 |
A scalar real number
|
| slist |
slist |
(arbitrary string) |
A list of scalar strings
|
| ilist |
ilist |
-99999999999,9999999999 |
A list of integers
|
| rlist |
rlist |
-9.99999E100,9.99999E100 |
A list of real numbers
|
| policy |
(menu option) |
free,
overridable,
constant,
ifdefined |
The policy for (dis)allowing (re)definition of variables
|
PROMISE TYPE classes
| or |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with inclusive OR
|
| and |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with AND
|
| xor |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with XOR
|
| dist |
rlist |
-9.99999E100,9.99999E100 |
Generate a probabilistic class distribution (from strategies in cfengine 2)
|
| expression |
class |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Evaluate string expression of classes in normal form
|
| not |
class |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Evaluate the negation of string expression in normal form
|
| select_class |
rlist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Select one of the named list of classes to define based on host identity
|
PROMISE TYPE reports
| friend_pattern |
string |
(arbitrary string) |
Regular expression to keep selected hosts from the friends report list
|
| intermittency |
real |
0,1 |
Real number threshold [0,1] of intermittency about current peers, report above
|
| lastseen |
int |
0,99999999999 |
Integer time threshold in hours since current peers were last seen, report absence
|
| printfile |
(ext body) |
| file_to_print |
string |
"?(/.*) |
Path name to the file that is to be sent to standard output
|
| number_of_lines |
int |
0,99999999999 |
Integer maximum number of lines to print from selected file
|
|
| report_to_file |
string |
"?(/.*) |
The path and filename to which output should be appended
|
| showstate |
slist |
(arbitrary string) |
List of services about which status reports should be reported to standard output
|
PROMISE TYPE *
| action |
(ext body) |
| action_policy |
(menu option) |
fix,
warn,
nop |
Whether to repair or report about non-kept promises
|
| ifelapsed |
int |
0,99999999999 |
Number of minutes before next allowed assessment of promise
|
| expireafter |
int |
0,99999999999 |
Number of minutes before a repair action is interrupted and retried
|
| log_string |
string |
(arbitrary string) |
A message to be written to the log when a promise verification leads to a repair
|
| log_level |
(menu option) |
inform,
verbose,
error,
log |
The reporting level sent to syslog
|
| log_kept |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| log_priority |
(menu option) |
emergency,
alert,
critical,
error,
warning,
notice,
info,
debug |
The priority level of the log message, as interpreted by a syslog server
|
| log_repaired |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| log_failed |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| value_kept |
real |
-9.99999E100,9.99999E100 |
A real number value attributed to keeping this promise
|
| value_repaired |
real |
-9.99999E100,9.99999E100 |
A real number value attributed to reparing this promise
|
| value_notkept |
real |
-9.99999E100,9.99999E100 |
A real number value (possibly negative) attributed to not keeping this promise
|
| audit |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false switch for detailed audit records of this promise
|
| background |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false switch for parallelizing the promise repair
|
| report_level |
(menu option) |
inform,
verbose,
error,
log |
The reporting level for standard output for this promise
|
| measurement_class |
string |
(arbitrary string) |
If set performance will be measured and recorded under this identifier
|
|
| classes |
(ext body) |
| promise_repaired |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_failed |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_denied |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_timeout |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| promise_kept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| cancel_kept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is kept
|
| cancel_repaired |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is repaired
|
| cancel_notkept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is not kept for any reason
|
| kept_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a kept command-related promise
|
| repaired_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a repaired command-related promise
|
| failed_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a failed command-related promise
|
| persist_time |
int |
0,99999999999 |
A number of minutes the specified classes should remain active
|
| timer_policy |
(menu option) |
absolute,
reset |
Whether a persistent class restarts its counter when rediscovered
|
|
| ifvarclass |
string |
(arbitrary string) |
Extended classes ANDed with context
|
| handle |
string |
[a-zA-Z0-9_$(){}\[\].]+ |
A unique id-tag string for referring to this as a promisee elsewhere
|
| depends_on |
slist |
(arbitrary string) |
A list of promise handles that this promise builds on or depends on somehow (for knowledge management)
|
| comment |
string |
(arbitrary string) |
A comment about this promise's real intention that follows through the program
|
EMBEDDED BUNDLE edit_line
Promise types for * bundles
PROMISE TYPE vars
| string |
string |
(arbitrary string) |
A scalar string
|
| int |
int |
-99999999999,9999999999 |
A scalar integer
|
| real |
real |
-9.99999E100,9.99999E100 |
A scalar real number
|
| slist |
slist |
(arbitrary string) |
A list of scalar strings
|
| ilist |
ilist |
-99999999999,9999999999 |
A list of integers
|
| rlist |
rlist |
-9.99999E100,9.99999E100 |
A list of real numbers
|
| policy |
(menu option) |
free,
overridable,
constant,
ifdefined |
The policy for (dis)allowing (re)definition of variables
|
PROMISE TYPE classes
| or |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with inclusive OR
|
| and |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with AND
|
| xor |
clist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Combine class sources with XOR
|
| dist |
rlist |
-9.99999E100,9.99999E100 |
Generate a probabilistic class distribution (from strategies in cfengine 2)
|
| expression |
class |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Evaluate string expression of classes in normal form
|
| not |
class |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Evaluate the negation of string expression in normal form
|
| select_class |
rlist |
[a-zA-Z0-9_!&@@$|
.()\[\]{}]+ |
Select one of the named list of classes to define based on host identity
|
PROMISE TYPE reports
| friend_pattern |
string |
(arbitrary string) |
Regular expression to keep selected hosts from the friends report list
|
| intermittency |
real |
0,1 |
Real number threshold [0,1] of intermittency about current peers, report above
|
| lastseen |
int |
0,99999999999 |
Integer time threshold in hours since current peers were last seen, report absence
|
| printfile |
(ext body) |
| file_to_print |
string |
"?(/.*) |
Path name to the file that is to be sent to standard output
|
| number_of_lines |
int |
0,99999999999 |
Integer maximum number of lines to print from selected file
|
|
| report_to_file |
string |
"?(/.*) |
The path and filename to which output should be appended
|
| showstate |
slist |
(arbitrary string) |
List of services about which status reports should be reported to standard output
|
PROMISE TYPE *
| action |
(ext body) |
| action_policy |
(menu option) |
fix,
warn,
nop |
Whether to repair or report about non-kept promises
|
| ifelapsed |
int |
0,99999999999 |
Number of minutes before next allowed assessment of promise
|
| expireafter |
int |
0,99999999999 |
Number of minutes before a repair action is interrupted and retried
|
| log_string |
string |
(arbitrary string) |
A message to be written to the log when a promise verification leads to a repair
|
| log_level |
(menu option) |
inform,
verbose,
error,
log |
The reporting level sent to syslog
|
| log_kept |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| log_priority |
(menu option) |
emergency,
alert,
critical,
error,
warning,
notice,
info,
debug |
The priority level of the log message, as interpreted by a syslog server
|
| log_repaired |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| log_failed |
string |
stdout|
udp_syslog|
("?[a-zA-Z]:\\.*)|
(/.*) |
This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger
|
| value_kept |
real |
-9.99999E100,9.99999E100 |
A real number value attributed to keeping this promise
|
| value_repaired |
real |
-9.99999E100,9.99999E100 |
A real number value attributed to reparing this promise
|
| value_notkept |
real |
-9.99999E100,9.99999E100 |
A real number value (possibly negative) attributed to not keeping this promise
|
| audit |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false switch for detailed audit records of this promise
|
| background |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false switch for parallelizing the promise repair
|
| report_level |
(menu option) |
inform,
verbose,
error,
log |
The reporting level for standard output for this promise
|
| measurement_class |
string |
(arbitrary string) |
If set performance will be measured and recorded under this identifier
|
|
| classes |
(ext body) |
| promise_repaired |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_failed |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_denied |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| repair_timeout |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| promise_kept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be defined globally
|
| cancel_kept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is kept
|
| cancel_repaired |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is repaired
|
| cancel_notkept |
slist |
[a-zA-Z0-9_$(){}\[\].]+ |
A list of classes to be cancelled if the promise is not kept for any reason
|
| kept_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a kept command-related promise
|
| repaired_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a repaired command-related promise
|
| failed_returncodes |
slist |
[-0-9_$(){}\[\].]+ |
A list of return codes indicating a failed command-related promise
|
| persist_time |
int |
0,99999999999 |
A number of minutes the specified classes should remain active
|
| timer_policy |
(menu option) |
absolute,
reset |
Whether a persistent class restarts its counter when rediscovered
|
|
| ifvarclass |
string |
(arbitrary string) |
Extended classes ANDed with context
|
| handle |
string |
[a-zA-Z0-9_$(){}\[\].]+ |
A unique id-tag string for referring to this as a promisee elsewhere
|
| depends_on |
slist |
(arbitrary string) |
A list of promise handles that this promise builds on or depends on somehow (for knowledge management)
|
| comment |
string |
(arbitrary string) |
A comment about this promise's real intention that follows through the program
|
| select_region |
(ext body) |
| include_start_delimiter |
(menu option) |
true,
false,
yes,
no,
on,
off |
Whether to include the section delimiter
|
| include_end_delimiter |
(menu option) |
true,
false,
yes,
no,
on,
off |
Whether to include the section delimiter
|
| select_start |
string |
.* |
Regular expression matching start of edit region
|
| select_end |
string |
.* |
Regular expression matches end of edit region from start
|
|
| delete_select |
(ext body) |
| delete_if_startwith_from_list |
slist |
.* |
Delete line if it starts with a string in the list
|
| delete_if_not_startwith_from_list |
slist |
.* |
Delete line if it DOES NOT start with a string in the list
|
| delete_if_match_from_list |
slist |
.* |
Delete line if it fully matches a regex in the list
|
| delete_if_not_match_from_list |
slist |
.* |
Delete line if it DOES NOT fully match a regex in the list
|
| delete_if_contains_from_list |
slist |
.* |
Delete line if a regex in the list match a line fragment
|
| delete_if_not_contains_from_list |
slist |
.* |
Delete line if a regex in the list DOES NOT match a line fragment
|
|
| not_matching |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false negate match criterion
|
| expand_scalars |
(menu option) |
true,
false,
yes,
no,
on,
off |
Expand any unexpanded variables
|
| insert_type |
(menu option) |
literal,
string,
file,
preserve_block |
Type of object the promiser string refers to
|
| insert_select |
(ext body) |
| insert_if_startwith_from_list |
slist |
.* |
Insert line if it starts with a string in the list
|
| insert_if_not_startwith_from_list |
slist |
.* |
Insert line if it DOES NOT start with a string in the list
|
| insert_if_match_from_list |
slist |
.* |
Insert line if it fully matches a regex in the list
|
| insert_if_not_match_from_list |
slist |
.* |
Insert line if it DOES NOT fully match a regex in the list
|
| insert_if_contains_from_list |
slist |
.* |
Insert line if a regex in the list match a line fragment
|
| insert_if_not_contains_from_list |
slist |
.* |
Insert line if a regex in the list DOES NOT match a line fragment
|
|
| location |
(ext body) |
| before_after |
(menu option) |
before,
after |
Menu option, point cursor before of after matched line
|
| first_last |
(menu option) |
first,
last |
Menu option, choose first or last occurrence of match in file
|
| select_line_matching |
string |
.* |
Regular expression for matching file line location
|
|
| whitespace_policy |
(option list) |
ignore_leading,
ignore_trailing,
ignore_embedded,
exact_match |
Criteria for matching and recognizing existing lines
|
| edit_field |
(ext body) |
| allow_blank_fields |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false allow blank fields in a line (do not purge)
|
| extend_fields |
(menu option) |
true,
false,
yes,
no,
on,
off |
true/false add new fields at end of line if necessary to complete edit
|
| field_operation |
(menu option) |
prepend,
append,
alphanum,
delete,
set |
Menu option policy for editing subfields
|
| field_separator |
string |
.* |
The regular expression used to separate fields in a line
|
| field_value |
string |
.* |
Set field value to a fixed value
|
| select_field |
int |
0,99999999 |
Integer index of the field required 0..n (default starts from 1)
|
| start_fields_from_zero |
(menu option) |
true,
false,
yes,
no,
on,
off |
If set, the default field numbering starts from 0
|
| value_separator |
string |
^.$ |
Character separator for subfields inside the selected field
|
|
| replace_with |
(ext body) |
| occurrences |
(menu option) |
all,
first |
Menu option to replace all occurrences or just first (NB the latter is non-convergent)
|
| replace_value |
string |
.* |
Value used to replace regular expression matches in search
|
|
Builtin functions
| Return type | Function name | Arguments | Description |
| class |
accessedbefore() |
2 args expected |
True if arg1 was accessed before arg2 (atime) |
| int |
accumulated() |
6 args expected |
Convert an accumulated amount of time into a system representation |
| int |
ago() |
6 args expected |
Convert a time relative to now to an integer system representation |
| string |
and() |
99 args expected |
Calculate whether all arguments evaluate to true |
| string |
canonify() |
1 args expected |
Convert an abitrary string into a legal class name |
| string |
concat() |
99 args expected |
Concatenate all arguments into string |
| class |
changedbefore() |
2 args expected |
True if arg1 was changed before arg2 (ctime) |
| class |
classify() |
1 args expected |
True if the canonicalization of the argument is a currently defined class |
| class |
classmatch() |
1 args expected |
True if the regular expression matches any currently defined class |
| int |
countclassesmatching() |
1 args expected |
Count the number of defined classes matching regex arg1 |
| int |
countlinesmatching() |
2 args expected |
Count the number of lines matching regex arg1 in file arg2 |
| int |
diskfree() |
1 args expected |
Return the free space (in KB) available on the directory's current partition (0 if not found) |
| string |
escape() |
1 args expected |
Escape regular expression characters in a string |
| string |
execresult() |
2 args expected |
Execute named command and assign output to variable |
| class |
fileexists() |
1 args expected |
True if the named file can be accessed |
| class |
filesexist() |
1 args expected |
True if the named list of files can ALL be accessed |
| int |
filesize() |
1 args expected |
Returns the size in bytes of the file |
| string |
getenv() |
2 args expected |
Return the environment variable named arg1, truncated at arg2 characters |
| int |
getfields() |
4 args expected |
Get an array of fields in the lines matching regex arg1 in file arg2, split on regex arg3 as array name arg4 |
| int |
getgid() |
1 args expected |
Return the integer group id of the named group on this host |
| slist |
getindices() |
1 args expected |
Get a list of keys to the array whose id is the argument and assign to variable |
| int |
getuid() |
1 args expected |
Return the integer user id of the named user on this host |
| slist |
getusers() |
2 args expected |
Get a list of all system users defined, minus those names defined in args 1 and uids in args |
| slist |
getvalues() |
1 args expected |
Get a list of values corresponding to the right hand sides in an array whose id is the argument and assign to variable |
| slist |
grep() |
2 args expected |
Extract the sub-list if items matching the regular expression in arg1 of the list named in arg2 |
| class |
groupexists() |
1 args expected |
True if group or numerical id exists on this host |
| string |
hash() |
2 args expected |
Return the hash of arg1, type arg2 and assign to a variable |
| class |
hashmatch() |
3 args expected |
Compute the hash of arg1, of type arg2 and test if it matches the value in arg 3 |
| string |
host2ip() |
1 args expected |
Returns the primary name-service IP address for the named host |
| string |
ip2host() |
1 args expected |
Returns the primary name-service host name for the IP address |
| class |
hostinnetgroup() |
1 args expected |
True if the current host is in the named netgroup |
| class |
hostrange() |
2 args expected |
True if the current host lies in the range of enumerated hostnames specified |
| slist |
hostsseen() |
3 args expected |
Extract the list of hosts last seen/not seen within the last arg1 hours |
| string |
hubknowledge() |
1 args expected |
Read global knowledge from the hub host by id (commercial extension) |
| class |
iprange() |
1 args expected |
True if the current host lies in the range of IP addresses specified |
| irange [int,int] |
irange() |
2 args expected |
Define a range of integer values for cfengine internal use |
| class |
isdir() |
1 args expected |
True if the named object is a directory |
| class |
isexecutable() |
1 args expected |
True if the named object has execution rights for the current user |
| class |
isgreaterthan() |
2 args expected |
True if arg1 is numerically greater than arg2, else compare strings like strcmp |
| class |
islessthan() |
2 args expected |
True if arg1 is numerically less than arg2, else compare strings like NOT strcmp |
| class |
islink() |
1 args expected |
True if the named object is a symbolic link |
| class |
isnewerthan() |
2 args expected |
True if arg1 is newer (modified later) than arg2 (mtime) |
| class |
isplain() |
1 args expected |
True if the named object is a plain/regular file |
| class |
isvariable() |
1 args expected |
True if the named variable is defined |
| string |
join() |
2 args expected |
Join the items of arg2 into a string, using the conjunction in arg1 |
| string |
lastnode() |
2 args expected |
Extract the last of a separated string, e.g. filename from a path |
| class |
laterthan() |
6 args expected |
True if the current time is later than the given date |
| class |
ldaparray() |
6 args expected |
Extract all values from an ldap record |
| slist |
ldaplist() |
6 args expected |
Extract all named values from multiple ldap records |
| string |
ldapvalue() |
6 args expected |
Extract the first matching named value from ldap |
| string |
not() |
1 args expected |
Calculate whether argument is false |
| int |
now() |
0 args expected |
Convert the current time into system representation |
| int |
on() |
6 args expected |
Convert an exact date/time to an integer system representation |
| string |
or() |
99 args expected |
Calculate whether any argument evaluates to true |
| int |
parseintarray() |
6 args expected |
Read an array of integers from a file and assign the dimension to a variable |
| int |
parserealarray() |
6 args expected |
Read an array of real numbers from a file and assign the dimension to a variable |
| int |
parsestringarray() |
6 args expected |
Read an array of strings from a file and assign the dimension to a variable |
| int |
parsestringarrayidx() |
6 args expected |
Read an array of strings from a file and assign the dimension to a variable with integer indeces |
| slist |
peers() |
3 args expected |
Get a list of peers (not including ourself) from the partition to which we belong |
| string |
peerleader() |
3 args expected |
Get the assigned peer-leader of the partition to which we belong |
| slist |
peerleaders() |
3 args expected |
Get a list of peer leaders from the named partitioning |
| real |
product() |
1 args expected |
Return the product of a list of reals |
| int |
randomint() |
2 args expected |
Generate a random integer between the given limits |
| string |
readfile() |
2 args expected |
Read max number of bytes from named file and assign to variable |
| int |
readintarray() |
6 args expected |
Read an array of integers from a file and assign the dimension to a variable |
| ilist |
readintlist() |
5 args expected |
Read and assign a list variable from a file of separated ints |
| int |
readrealarray() |
6 args expected |
Read an array of real numbers from a file and assign the dimension to a variable |
| rlist |
readreallist() |
5 args expected |
Read and assign a list variable from a file of separated real numbers |
| int |
readstringarray() |
6 args expected |
Read an array of strings from a file and assign the dimension to a variable |
| int |
readstringarrayidx() |
6 args expected |
Read an array of strings from a file and assign the dimension to a variable with integer indeces |
| slist |
readstringlist() |
5 args expected |
Read and assign a list variable from a file of separated strings |
| string |
readtcp() |
4 args expected |
Connect to tcp port, send string and assign result to variable |
| class |
regarray() |
2 args expected |
True if arg1 matches any item in the associative array with id=arg2 |
| class |
regcmp() |
2 args expected |
True if arg1 is a regular expression matching that matches string arg2 |
| class |
regextract() |
3 args expected |
True if the regular expression in arg 1 matches the string in arg2 and sets a non-empty array of backreferences named arg3 |
| string |
registryvalue() |
2 args expected |
Returns a value for an MS-Win registry key,value pair |
| class |
regline() |
2 args expected |
True if the regular expression in arg1 matches a line in file arg2 |
| class |
reglist() |
2 args expected |
True if the regular expression in arg2 matches any item in the list whose id is arg1 |
| class |
regldap() |
7 args expected |
True if the regular expression in arg6 matches a value item in an ldap search |
| string |
remotescalar() |
3 args expected |
Read a scalar value from a remote cfengine server |
| class |
remoteclassesmatching() |
4 args expected |
Read persistent classes matching a regular expression from a remote cfengine server and add them into local context with prefix |
| class |
returnszero() |
2 args expected |
True if named shell command has exit status zero |
| rrange [real,real] |
rrange() |
2 args expected |
Define a range of real numbers for cfengine internal use |
| int |
selectservers() |
6 args expected |
Select tcp servers which respond correctly to a query and return their number, set array of names |
| class |
splayclass() |
2 args expected |
True if the first argument's time-slot has arrived, according to a policy in arg2 |
| slist |
splitstring() |
3 args expected |
Convert a string in arg1 into a list of max arg3 strings by splitting on a regular expression in arg2 |
| class |
strcmp() |
2 args expected |
True if the two strings match exactly |
| real |
sum() |
1 args expected |
Return the sum of a list of reals |
| string |
translatepath() |
1 args expected |
Translate path separators from Unix style to the host's native |
| class |
usemodule() |
2 args expected |
Execute cfengine module script and set class if successful |
| class |
userexists() |
1 args expected |
True if user name or numerical id exists on this host |
|
